Establishing a Chain-of-Trust for secure device manufacturing

The challenges of a secure manufacturing solution should not be understated. Secure devices must be able to be built anywhere in the world while OEM private keys and product software remain protected. Major semiconductor suppliers and programming centers need to ensure their secure elements and microcontrollers are designed according to rigorous security standards, and to establish and maintain Chains-of-Trust.


By Rajeev Gulati, Data I/O


As digital devices become ubiquitous at home and at work, and as people depend on these devices to organize more of their lives, the security of these devices becomes an increasingly important concern. Conservative market analysts estimate there will be 20 billion connected devices in the Internet of Things (IoT) by 2020. Security experts agree that the best way to ensure better Internet of Things security is to integrate security features and embed Roots-of-Trust (RoT) early in the design and manufacturing stage, an approach often referred to as security by design. It is essential to establish a Chain-of-Trust from the hardware through the software and into the final product. This involves starting with a secure MCU or secure element that carries a Root-of-Trust, then creating an environment to authenticate that device and its firmware. This Root-of-Trust then needs to be transferable to any manufacturing environment with minimal process changes. The end result is a trusted device that will operate as intended and can be authenticated by its rightful owner.

Before we delve deeper into the issues that impact security in manufacturing, it is helpful to first understand the digital device manufacturing process. Digital devices (e.g. mobile phones, smart thermostats, routers, smart watches, smart light bulbs, etc.) are generally manufactured by Original Equipment Manufacturers (OEMs). OEMs use component ICs (e.g. MPU, MCU, memory chips, storage chips, modem chips, configurable logic chips, etc.) to build the hardware of a digital device. These component ICs are procured by OEMs from silicon vendors, who develop and manufacture them prior to their use in smart devices. OEMs design not only the hardware of the smart device but also the embedded firmware that runs inside the device and makes it smart.

Figure 1. Chain-of-Trust: Secure supply chain

Silicon vendors generally design their component ICs at their own development labs. To manufacture their ICs, some silicon vendors set up their own fabrication plants; others rely on third parties to fabricate their silicon for them. To get their devices to market, silicon vendors either sell their ICs directly to OEMs or use IC distribution partners to sell their components.

Like silicon vendors, most OEMs design the hardware and firmware of their digital device at their own development laboratories. Based on factors that impact quality, cost and time to market, OEMs have multiple choices when it comes to manufacturing. The manufacture of an OEM device involves at least three steps: (1) assembly of the device's multiple ICs onto a predesigned and fabricated printed circuit board (PCB), (2) programming of the firmware into the storage component IC of the device, and (3) testing the hardware and firmware of the manufactured device to ensure that they work together as designed. OEMs can choose to do all three steps at their own factory. Alternatively, OEMs can have the firmware programmed into ICs at an IC vendor's distribution partner before the programmed components are shipped to a contract manufacturer for assembly and testing. As a third alternative, all three steps can be done at the same contract manufacturer. From this review of the IC and digital device manufacturing processes, it is clear that the device manufacturing supply chain is distributed worldwide and can include multiple stakeholders aside from the OEM.

The first critical security issue in manufacturing is that, because the supply chain of ICs is global and the device manufacturing process can be distributed across multiple entities in multiple geographies, the supply chain OEMs use to build their smart devices is today insecure. Many factors contribute to this insecurity. The first is that a large number of IC components manufactured by silicon vendors lack a unique digital identity that OEMs can verify as part of the manufacturing process. Another is that, where IC identity exists, OEMs have not incorporated an IC verification process to validate the authenticity of the component ICs. This could be because a verification process has not been developed, or because such a process exists but is not scalable to high-volume manufacturing, since its integration into manufacturing adversely impacts cost, time to market, or both.

Lack of security in the component supply chain is not limited to the silicon IC. The boot loader and firmware developed by an OEM are important intellectual property (IP) that also need a digital identity. This IP also needs to be protected (from changes or loss) while in transit from the point of creation (the OEM development laboratory) to the point of programming (OEM factory, programming center or contract manufacturer). The device manufacturing processes deployed today are weak and do not ensure such outcomes. Another insecurity factor comes into play when an OEM decides to outsource manufacturing to a third party: since third-party manufacturing is done at a remote geographical location, OEMs have no secure process to manage production counts of their devices at the manufacturing site. These OEMs have to implicitly trust their third-party manufacturing partners to build the correct number of devices. Unfortunately, this trust is broken more often than not, leading to overproduction of devices.
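The three controls discussed above (a verifiable IC identity, a firmware identity that protects the OEM's IP in transit, and OEM-managed production counts at a remote site) can be modelled in a few dozen lines. The Go example below is added here for illustration; it is not Data I/O's code and does not describe Sentrix. It assumes the silicon vendor signs each IC's serial, the OEM signs the SHA-256 digest of its firmware image, and the OEM issues a signed per-site authorization carrying a device count that the programming station enforces; the party roles, record layouts and the Station type are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

type Signed struct{ Msg, Sig []byte } // message plus one party's Ed25519 signature

// Station is a programming site that trusts exactly two public keys; Built stands in
// for the tamper-resistant production counter a real provisioning system would keep.
type Station struct {
	VendorPub, OEMPub ed25519.PublicKey
	Built             uint32
}
var (
	ErrCounterfeit  = errors.New("IC identity not signed by silicon vendor")
	ErrTampered     = errors.New("firmware not signed by OEM")
	ErrUnauthorized = errors.New("production authorization invalid for this site")
	ErrOverbuilt    = errors.New("authorized production count exhausted")
)
// AuthMsg encodes an OEM production authorization: site name then a 32-bit device count.
func AuthMsg(site string, count uint32) []byte {
	b := make([]byte, 4)
	binary.BigEndian.PutUint32(b, count)
	return append([]byte(site), b...)
}

// SignFirmware signs SHA-256(image) with the OEM key, binding the shipped image to the OEM.
func SignFirmware(oem ed25519.PrivateKey, image []byte) Signed {
	d := sha256.Sum256(image)
	return Signed{Msg: image, Sig: ed25519.Sign(oem, d[:])}
}

// Provision verifies IC identity, firmware and authorization in order, then consumes one unit.
func (s *Station) Provision(ic, fw, auth Signed, site string) error {
	if !ed25519.Verify(s.VendorPub, ic.Msg, ic.Sig) {
		return ErrCounterfeit
	}
	d := sha256.Sum256(fw.Msg)
	if !ed25519.Verify(s.OEMPub, d[:], fw.Sig) {
		return ErrTampered
	}
	n := len(auth.Msg) - 4
	if n < 0 || !ed25519.Verify(s.OEMPub, auth.Msg, auth.Sig) || string(auth.Msg[:n]) != site {
		return ErrUnauthorized
	}
	if s.Built >= binary.BigEndian.Uint32(auth.Msg[n:]) {
		return ErrOverbuilt
	}
	s.Built++
	return nil
}
```

A station that only holds the two public keys can reject counterfeit ICs and modified firmware without ever seeing a private key, and the signed count bounds what a remote site can build under one authorization.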

The impact of an insecure supply chain on an OEM is extremely high. Lack of a verifiable component identity leads to the use of counterfeit components in devices. When this happens, the resulting devices may be of poorer quality and may not be functional equivalents of devices made from genuine OEM-authorized components. Lack of IP protection can lead to the manufacture of duplicate devices by other OEMs with the same features and functionality as the original device. Use of counterfeit components, overproduction of devices and duplication of devices lead to a lower average selling price (ASP), lower revenue, higher warranty and support costs and lower profitability for the OEM. Lack of security in the supply chain costs OEMs lost revenue to the tune of hundreds of millions of dollars. Figure 1 shows an example of a secure supply chain.

The second critical security issue in manufacturing has to do with the OEM's ability to manufacture trusted devices. A trusted device is one which has a unique and verifiable system-level identity, and can store and execute firmware in a tamper-free environment. Some devices have the additional security requirement of being able to communicate securely with other devices or systems.

Figure 2. Secure provisioning system architecture

The first factor that impacts an OEM's ability to build trusted devices is the choice of components that the OEM makes. Trusted devices need to have security functionality designed in: the ability to securely generate keys, to execute encryption in a secure environment, to store firmware in protected storage, and to run firmware in a protected environment. If the OEM does not embrace the security-by-design paradigm and ignores security requirements, it is likely the device will be built with the wrong components. This is indeed the case today, as a number of OEMs are ignoring security as a primary device requirement. The second factor impacting an OEM's ability to manufacture trusted devices is the availability, maturity and cost of the additional technology and processes that need to be integrated into the manufacturing process. Embedding security into devices requires the secure flow of important OEM key material and Roots-of-Trust from an OEM facility to where the devices are manufactured. These methods have yet to be developed and integrated into the device manufacturing process. Embedding security into devices also requires advances in programming technology so that security credentials for devices can be generated and programmed in addition to the firmware. Such technology is yet to be designed and integrated into existing high-volume manufacturing processes. Protecting firmware on a device also requires extending the programming cycle on the device to first secure the device and then program encrypted firmware onto it. This change in programming flow requires the development of new device algorithms that secure the device and its firmware and then lock the device down.

Some OEMs use in-system programming (ISP), a method of embedding security and firmware into devices late in the device manufacturing cycle, after components have been placed on the device PCB. From a security perspective, this approach works if the OEM is manufacturing devices in its own factory. However, if the OEM is using third parties for manufacturing, the OEM has no cost-effective method to verify that all the devices have been built using authentic components. In addition, the phases of manufacturing prior to ISP programming remain vulnerable to tampering. Devices need to be preprogrammed or provisioned, and the most secure way to accomplish this is at the semiconductor supplier's factory or via secure preprogramming equipment. Data I/O is the leader in secure programming and has built a 45-year reputation around trustworthy data programming. Its new Sentrix provisioning and programming offering brings best-in-class security to the individual device secure programming market.
